Arbitrary Code execution Vulnerability in Microsoft Windows Media Player

A new WMP vulnerability can result in the execution of arbitrary code on the vulnerable system.

Ken Pfeil

May 8, 2003

2 Min Read
ITPro Today logo in a gray background | ITPro Today

Reported May 07, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

·        Microsoft Windows Media Player (WMP) 8.0 and 7.1

 

DESCRIPTION

 

A new WMP vulnerability can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way WMP handles the download of skin files. This flaw could permit an attacker to force a file (e.g., a malicious executable) masquerading as a skin file into a certain location on a user's machine.

 

VENDOR RESPONSE

 

Microsoft has released Security BulletinMS03-017, "Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered byJouko Pynnonen ofOy Online Solutions Ltd, Finland andJelmer.

Read more about:

Microsoft
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like